PT-2023-18720 · Intel · System Firmware Update Utility

J00Sean

Publicado

2023-08-11

Atualizado

2023-08-23

CVE-2023-22841

CVSS v3.1

7.3

Alta

Vetor

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset versions prior to 16.0.7

Description The issue is related to an unquoted search path in the software installer, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could potentially impact Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset.

Recommendations For versions prior to 16.0.7, update to version 16.0.7 or later to resolve the issue. As a temporary workaround, consider restricting local access to the System Firmware Update Utility (SysFwUpdt) to minimize the risk of exploitation.

Correção

Uncontrolled Search Path Element

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-428CWE-427

Identificadores relacionados

CVE-2023-22841

Produtos afetados

System Firmware Update Utility

PT-2023-18720 · Intel · System Firmware Update Utility

CVE-2023-22841

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5